Position Title | Information Systems Security Officer
Requisition ID | 1651
Home Office Location | Tucson, AZ or Chantilly, VA
FLSA Designation | Exempt
Hybrid/Remote Option | No
EEO Job Category | Professionals
Position Reports To | Director, Security
Pay Range | TBD
Supervises Others | No
FTE | 1.0
Since its inception in 2004, Geost has been committed to solving mission-critical space domain and ISR challenges for DOD, IC and commercial customers. Our vision is to revolutionize the space-based payload market with innovative and novel designs for space, terrestrial, and airborne environments. As we grow our operations in Tucson, AZ and Chantilly, VA, we remain dedicated to the collaborative and innovative culture that is the foundation of our business. Geost is an operating unit of LightRidge Solutions.

Position Summary

Geost seeks a motivated, career- and detail-oriented Information Systems Security Officer (ISSO) to join our team. This position will be based in our Tucson, AZ or Chantilly, VA location. Geost is a multi-tasking environment that demands customer service, communication, and organizational skills. A successful candidate will be motivated, results-oriented, and have a willingness to learn. The ISSO will be responsible for implementing and maintaining security controls for systems, ensuring ongoing Authorization to Operate (ATO), and serving as a security advisor to system owners and development teams.

Duties and Responsibilities
- Serve as the ISSO for one or more systems governed by the Risk Management Framework (RMF)
- Develop, review, and update:
  - System Security Plans (SSPs)
  - Security Assessment Reports (SARs)
  - Risk Assessment Reports (RARs)
  - Plan of Action and Milestones (POA&Ms)
  - Security Controls Traceability Matrix (SCTM)
- Implement and monitor security controls per NIST 800-53, DoD STIGs, and other applicable frameworks and guidance
- Conduct regular security audits, vulnerability scans, and risk assessments
- Prepare and maintain Authorization to Operate (ATO) packages in coordination with Information System Owners (ISOs) and Authorizing Officials (AOs)
- Apply standards, directives, policies, and guidance for classified computing environments, ensuring compliance with DoD, DISA, and other federal cybersecurity mandates
- Participate in and support:
  - Security incident response and investigations
  - Contingency planning, testing, and incident response training
  - Security education and awareness initiatives across the organization
- Develop and maintain:
  - Multiple CONOPS (Concept of Operations), policies, and guides supporting RMF and customer SSPs
  - Contingency Plans (CPs) and Incident Response Plans (IRPs)
  - Hardware/software inventory and configuration management (CM) documentation
- Conduct independent system scans using tools such as:
  - Nessus Vulnerability Scanner
  - DISA STIGs
  - Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
- Monitor and enforce continuous compliance with security controls and processes throughout the System Development Life Cycle (SDLC)
- Support remediation efforts for systems to achieve and maintain accreditation status
- Interface and collaborate with cybersecurity teams, system administrators, developers, and program leadership to promote secure design, implementation, and operations
- Perform risk/vulnerability assessments and provide expert recommendations to mitigate risks
- Manage changes to systems and assess the impact of changes on security posture
- Serve as Data Transfer Officer (DTO) to manage secure movement of data (low-to-high and lateral only) between classified and unclassified networks
- Support self-inspections, formal assessments, and security reviews/audits, and implement corrective actions as necessary
- Ability to support travel or off-site work, as needed
- Perform other duties as assigned
Required Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field (experience may be substituted for education)
- An active U.S. Government Security Clearance - Top Secret/SCI is required. Current SSBI is preferred
- 3-5 years of experience as an ISSO or in a similar cybersecurity role
- Strong working knowledge of NIST SP 800-37, NIST SP 800-53, RMF, FISMA, and other customer directives and instructions, compliant system security plans, control implementation, system requirements, and test procedures
- Familiarity with DoD cybersecurity compliance tools (e.g. eMASS, ACAS, and HBSS)
- Experience developing and managing ATO packages
- Understanding of vulnerability management tools and secure system configuration
- Ability to recognize, adopt, use, and teach best practices in security engineering, including secure development, cryptography, network security, security operations, system security, policy, and incident response
- Demonstrated ability to research and address information security issues as required
- Experience administering system functions including security policies and account management of Microsoft Windows 10 Server 2012/2016/2019 operating systems; have familiarity with network architecture, desktop support, ports/protocols, encryption, HBSS, vulnerability scanning, auditing, etc.
- Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
Preferred Qualifications
- Professional certification such as CISSP, CISM, CAP, or Security+
- Experience working with classified systems and managing classified data handling procedures
- Familiarity with cloud environments (i.e. AWS, Azure, etc.) and FedRAMP compliance
- Experience with XACTA for security package compilation with the RMF Steps 1-6 and management of security integration into the program
- Experience supporting government or defense contracts
Geost reserves the right to change or assign other duties to this position.

Benefits

Hired applicants may be eligible for benefits including but not limited to:
- Health benefits
- Medical
- Dental
- Vision
- Basic life with AD&D
- Short term disability
- Long term disability
- Ancillary (Voluntary life with AD&D, accident, critical illness, hospital, and pet)
- Spending accounts (HSA, FSA, and DCFSA)
- Paid time off
- Holidays
- 401(k)
- Tuition reimbursement
- Leaves (Parental, pregnancy, and military)
- Potential bonus
Geost is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Geost is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, please contact recruiting@geost.com.

Pay Transparency: The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)